Checkmarx API Security was launched to empower the partnership between the developer and AppSec teams of an organization and is delivered as part of the Checkmarx One application security platform. 

Because APIs are used to access data and to call application functionality, they are easily exposed but difficult to defend which creates a large and growing attack surface, according to the company. 

“Attacks on applications are shifting to focus on APIs, and the pace of attacks is increasing. API abuses and exploits are a common attack category that can result in data breaches. DevSecOps teams are focusing attention on the need for improved API testing in development. To identify the optimal approach to API testing, they are looking to a mix of traditional tools (such as static AST [SAST] and dynamic AST [DAST]) and emerging solutions focused specifically on the requirements of APIs,” according to Gartner’s Hype Cycle for Application Security 2022 report. 

Checkmarx API Security offers the automatic identification of API endpoints without requiring API definition or registration, the ability to discover newly created or updated APIs as the source code is checked in or compiled by developers, unknown API identification, API-centric remediation, and a single application security testing solution for the entire application. 

The platform provides AppSec teams with an up-to-date view into their entire API attack surface, eliminating the problem of shadow and zombie APIs, according to Checkmarx.

Additional details on the new platform are available here